Hackin9
Hewlett-Packard misled IT buyers about plans to phase out its Itanium server platform and in the process stole potential sales from Oracle and other rivals, costing Oracle about US$95 million in profits, the company plans to testify in a jury trial starting next month.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The former chief scientist at a Kentucky defense contractor has been sentenced to a year in prison for buying pirated software from Russian and Chinese hackers and using it to design components for military helicopters.
 
LinuxSecurity.com: Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control [More...]
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
 
LinuxSecurity.com: Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: pam-xdg-support could be made to run programs as an administrator.
 
LinuxSecurity.com: Several security issues were fixed in the Apache HTTP Server.
 
LinuxSecurity.com: A vulnerability has been found and corrected in nagios: Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in sudo: sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting [More...]
 
LinuxSecurity.com: The recent security update for libvirt was found to cause a regression. The kvm/qemu processes weren't run as the `kvm` user anymore in order to fix the file/device ownership changes, but the processes were not correctly configured to use the `kvm` group either. When the user would [More...]
 
LinuxSecurity.com: New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: Bastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of devices files so they would be owned by user `libvirt-qemu` and group `kvm`, which is a general purpose group not specific to libvirt, allowing unintended write access to [More...]
 

Security reporter Brian Krebs has uncovered some details about one of the people tied to the denial of service attack on his site and the fraudulent 911 call that brought armed police to Krebs' doorstep. It turns out the hacker may have delivered grief to another technology reporter not too long ago: Mat Honan. And, yes, that hacker appears to have used accounts tied to Friday's DOS attack on Ars.

Krebs connected with the operator of TwBooter (booter.tw) who told the reporter that the accounts used to launch said attacks were taken over by a hacker who goes by Phobia. (The TwBooter operator wouldn't explain how he knew, however.) Other leads Krebs uncovered pointed to a group of gamers and hackers called "Team Hype," upset by his reporting on the identity theft clearinghouse site ssndb.ru—because they, apparently, had been using information from the site to take over the Xbox Live gamertags of Microsoft employees before selling them to other players.  One of the members of that group was known as Phobia.

According to Krebs' source, Phobia had been bragging to others that he was responsible for both the DOS attack on Krebs' site and the call that brought armed police to his house. But Phobia, who had until recently used the Twitter account @PhobiaTheGod, had his personal details exposed as well. He had been "doxed" on the site Skidpaste.org. So Krebs decided to use that information to give Phobia a call.


 

Infosec boffins meet to plan nuke plant hack response
Register
Stuxnet gave the world a graphic demonstration just how high the stakes can be when malware hits machinery. This week, the world is starting to plan a response to an even scarier incident, in which an online attack is aimed at a working nuclear or ...

 
Linux Kernel Bluetooth HIDP Information Disclosure Vulnerability
 
Jammie Thomas-Rasset, a Minnesota woman who has been fighting for years to reverse a $222,000 judgment for music piracy, finally ran out of legal appeals on Monday after the U.S. Supreme Court declined to hear her petition for a review of the case.
 

Last week, Security Editor Dan Goodin posted a story about the "swatting" of security reporter Brian Krebs and the denial of service attack on Krebs' site. Soon after, Ars was targeted by at least one of the individuals behind the Krebs attack. On Friday, at about noon Eastern Daylight Time, a denial of service attack struck our site, making connectivity to Ars problematic for a little less than two hours.

The attack continued to run throughout Friday. At 9pm EDT, when our hosting provider brought down one of the filters that had been put in place to thwart it, it quickly became apparent that the attack was still underway, and the filter was restored. The most aggressive filters were finally removed on Saturday.

At least in part, the offensive used the same attack tool and user credentials that were involved in the denial-of-service (DoS) attack on Krebs On Security, as Krebs himself revealed in a blog post. The attackers used multiple accounts on TwBooter, a "booter" site that provides denial of service attacks as a paid service (ostensibly for security testing purposes), to launch an automated, denial of service attack on Ars. And at least one of those logins was also used to attack Krebs' site.


 
MIT Kerberos 5 CVE-2012-1016 NULL Pointer Dereference Denial of Service Vulnerability
 
NOPcon 2013 - Call for paper - Istanbul , Turkey
 

A few readers have written in offering and asking for information on the Spamhaus Project outage.

We have very little confirmed information at this time.

The website is confirmed to be unreachable [1] and there is some chatter on twitter [2] [3] [4]. I've read there is an elusive email notification sent from Spamhaus. We have yet to see it or read it.

Please comment with any information or impact you are experiencing from the outage today.

[1] http://www.spamhaus.org

[2] https://twitter.com/spamhaus

[3] https://twitter.com/LucRossini/status/313394569435807745

[4] https://twitter.com/search?q=%23Spamhaus

-Kevin

--

ISC Handler on Duty
 
Hewlett-Packard may seek damages of US$4 billion to $4.2 billion from Oracle in its lawsuit over support for Itanium server architecture.
 
One scenario for using EA's Origin service as an attack platform to execute malicious code on end-user computers.

More than 40 million people could be affected by a vulnerability researchers uncovered in EA's Origin online game platform allowing attackers to remotely execute malicious code on players' computers.

The attack, demonstrated on Friday at the Black Hat security conference in Amsterdam, takes just seconds to execute. In some cases, it requires no interaction by victims, researchers from Malta-based ReVuln (@revuln) told Ars. It works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine. By exploiting flaws in the Origin application available for both Macs and PCs, the technique turns EA's popular game store into an attack platform that can covertly install malware on customers' computers.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper accompanying last week's demonstration. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."


 
A site that published the private information and credit reports of several celebrities and other public figures last week went offline on Sunday. The last person to have his alleged private information exposed on the site was CIA director John Brennan.
 
 
[ MDVSA-2013:028 ] nagios
 
NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow
 
Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
 

 



Among the different methods to configure IPv6 addresses, most managed networks will likely stick with DHCP. DHCPv6, however, is a bit different from DHCPv4. We will summarize here some of the basic differences between DHCPv4 and DHCPv6.

DHCPv4 is often used to manage a limited address pool. This is not going to be an issue in IPv6, and as a result the focus of the protocol shifts to address management and renumbering of hosts. DHCPv6 is also a complete rewrite of the protocol. A lot of the old BOOTP parameters are gone, and the DHCPv6 packet is a simple type-length-value format packet without many of the fixed fields present in DHCPv4.

DHCPv6 uses UDP ports 546 and 547, not 67/68 like DHCPv4.

DHCP Unique Identifiers (DUID)

In DHCPv4, hosts are identified by their MAC addresses. However, MAC addresses are Ethernet specific, and other networking technologies may use different identifiers. DHCPv6 introduces a mandatory DUID to identify hosts. Some modern DHCPv4 implementations use an optional DUID, but in DHCPv6 a DUID becomes mandatory.

RFC3315 defines three different methods to assign DUIDs. Most commonly, the time stamp of the first boot of the system, followed by the link layer address (MAC address for Ethernet), is used as the DUID. This is then referred to as DUID-LLT (link-layer address plus time). Other options are vendor assigned DUIDs or the use of the link layer address by itself. The reason to add the time stamp is to distinguish two clients that are connected to the same network, even if they are not connected at the same time (which wouldn't work for Ethernet). The link layer address by itself should only be used for devices without non-volatile storage that are connected permanently to the network.

If a system has multiple network interfaces, all will use the same DUID. To distinguish different interfaces, an identity association (IA) is used.

If you configure static IP addresses in your DHCP server, you will have to use the DUID and IA to identify the system, not the MAC address. Sadly, different servers use different formats to represent these identifiers, and you need to figure out how to translate the number your host provides into one the server configuration understands.
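The DUID layouts described above, as an added Python example that is not code from this diary: it encodes and decodes the DUID-LLT, DUID-EN and DUID-LL forms from RFC 3315 and converts between the compact-hex and colon-separated spellings that different server configurations use, so a DUID copied from a host can be pasted into a server configuration in the form it expects. The sample MAC address and first-boot time are constructed.

```python
"""DHCP Unique Identifier (DUID) helpers following RFC 3315, section 9.

Constructed example (not code from the ISC diary): it builds and decodes the
three DUID forms the text describes, and converts between the compact-hex and
colon-separated-hex spellings that different server configurations expect.
"""
import struct
from datetime import datetime, timedelta, timezone

DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3   # RFC 3315 DUID type codes
HW_ETHERNET = 1                         # IANA hardware type for Ethernet
# DUID-LLT carries seconds since 2000-01-01 00:00:00 UTC, modulo 2**32.
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)


def mac_bytes(mac: str) -> bytes:
    """Parse '00:11:22:33:44:55' (colon or hyphen separated) into six bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def duid_llt(mac: str, first_boot: datetime, hw_type: int = HW_ETHERNET) -> bytes:
    """DUID-LLT: type(2) | hw_type(2) | time(4) | link-layer address."""
    if first_boot.tzinfo is None:
        raise ValueError("first_boot must be timezone-aware")
    secs = int((first_boot - DUID_EPOCH).total_seconds())
    return struct.pack("!HHI", DUID_LLT, hw_type, secs % 2**32) + mac_bytes(mac)


def duid_en(enterprise_number: int, identifier: bytes) -> bytes:
    """DUID-EN: type(2) | IANA enterprise number(4) | vendor-chosen identifier."""
    return struct.pack("!HI", DUID_EN, enterprise_number) + identifier


def duid_ll(mac: str, hw_type: int = HW_ETHERNET) -> bytes:
    """DUID-LL: type(2) | hw_type(2) | link-layer address, no time stamp."""
    return struct.pack("!HH", DUID_LL, hw_type) + mac_bytes(mac)


def parse_duid(raw: bytes) -> dict:
    """Decode a DUID into a dict; the layout after the type field depends on it."""
    if len(raw) < 2:
        raise ValueError("DUID shorter than its type field")
    (duid_type,) = struct.unpack("!H", raw[:2])
    if duid_type == DUID_LLT:
        if len(raw) < 8:
            raise ValueError("DUID-LLT truncated")
        hw_type, secs = struct.unpack("!HI", raw[2:8])
        return {"type": "DUID-LLT", "hw_type": hw_type,
                "time": DUID_EPOCH + timedelta(seconds=secs),
                "lladdr": raw[8:].hex(":")}
    if duid_type == DUID_EN:
        if len(raw) < 6:
            raise ValueError("DUID-EN truncated")
        (enterprise,) = struct.unpack("!I", raw[2:6])
        return {"type": "DUID-EN", "enterprise": enterprise,
                "identifier": raw[6:].hex()}
    if duid_type == DUID_LL:
        if len(raw) < 4:
            raise ValueError("DUID-LL truncated")
        (hw_type,) = struct.unpack("!H", raw[2:4])
        return {"type": "DUID-LL", "hw_type": hw_type, "lladdr": raw[4:].hex(":")}
    raise ValueError(f"unknown DUID type {duid_type}")


def duid_from_text(text: str) -> bytes:
    """Accept the spellings a DUID is commonly pasted in: compact hex, optionally
    with a 0x prefix, or hex split by ':', '-' or spaces."""
    cleaned = text.strip().lower()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    cleaned = cleaned.replace(":", "").replace("-", "").replace(" ", "")
    if not cleaned or len(cleaned) % 2:
        raise ValueError(f"not an even-length hex string: {text!r}")
    return bytes.fromhex(cleaned)


def to_colon_hex(raw: bytes) -> str:
    """Colon-separated form, the spelling ISC dhcpd takes in a
    'host-identifier option dhcp6.client-id ...;' statement."""
    return raw.hex(":")


def llt_time_iso(raw: bytes) -> str:
    """First-boot time stamp carried in a DUID-LLT, as an ISO 8601 string."""
    fields = parse_duid(raw)
    if fields["type"] != "DUID-LLT":
        raise ValueError("not a DUID-LLT")
    return fields["time"].isoformat()


# Constructed sample: a host with MAC 00:11:22:33:44:55 that first booted
# on 2013-03-18 12:00 UTC, i.e. 416923200 seconds after the DUID epoch.
SAMPLE_DUID = duid_llt("00:11:22:33:44:55",
                       datetime(2013, 3, 18, 12, 0, tzinfo=timezone.utc))

if __name__ == "__main__":
    print(to_colon_hex(SAMPLE_DUID))   # 00:01:00:01:18:d9:be:40:00:11:22:33:44:55
    print(parse_duid(SAMPLE_DUID))
    # The same DUID pasted from a tool that prints compact hex with a 0x prefix:
    print(duid_from_text("0x0001000118d9be40001122334455") == SAMPLE_DUID)
```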

DHCP and Router Advertisements

At first, it may look like DHCP is an alternative to router advertisements. This is true when it comes to address assignments. But overall, DHCPv6 is an extension to router advertisements, and DHCPv6 will not work without router advertisements. First of all, the managed and other flags of router advertisements will let the host know to request an address, or other configuration parameters via DHCP. Also, the default gateway will be assigned via router advertisements, not DHCP.

managed and other flags

If only the other flag is set in router advertisements, it indicates that addresses are assigned via router advertisements, but other parameters, like recursive DNS servers, are assigned via DHCP. DHCP will in this case configure everything BUT the address. The managed flag on the other hand will tell the host to use DHCP for address configuration as well as to configure additional parameters.

DHCP-PD

For IPv6, ISPs will likely assign /64 or larger networks to each customer. Right now, ISPs usually use DHCP to assign addresses. The customer typically runs a NAT gateway, and the external IPv4 address assigned by the ISP is shared within the customer's network. DHCPv6 includes a special mode, prefix delegation, to allow this architecture for IPv6. Instead of assigning an individual address, DHCP is used to assign a prefix to a router. The router will then typically use router advertisements to advertise this prefix internally, and hosts will use these addresses.

Renumbering

With DHCPv4, a host will pick up an address, along with a lease time. Halfway through the lease, the host will check if the address is still valid. In addition, the host will request a new address after each reboot. In IPv6, this is still true in principle. However, the DHCP server may initiate renumbering if, for example, the IPv6 prefix changed. In addition, a host that reboots will first check if the old address is still valid. This behavior is also frequently seen in IPv4, but in IPv6 it is more likely that the old address can be reused.



Did I forget anything? For just a simple network configuration, setting up DHCPv6 isn't all that hard. The part where it gets tricky is if you try to assign static addresses, or multiple addresses to a particular interface.



References: DHCPv6 RFC http://tools.ietf.org/html/rfc3315

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
Microsoft will start automatically pushing Windows 7 Service Pack 1 (SP1) to customers on Tuesday as a last-ditch move before it drops the original 2009 edition of Windows 7 from support next month.
 
A federal judge today sentenced hacker Andrew Auernheimer to 41 months in prison for illegally accessing email addresses and other data belonging to more than 120,000 iPad subscribers from AT&T's networks.
 
[ MDVSA-2013:027 ] clamav
 
[ MDVSA-2013:026 ] sudo
 
[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54)
 
[SECURITY] [DSA 2650-2] libvirt regression update
 
Social pinboard site Pinterest began rolling out a redesign to its users today.
 
Google today said it had paid a researcher $40,000 for a partial exploit of Chrome OS at its Pwnium 3 hacking contest two weeks ago.
 
A House committee this week is meeting to determine whether regulations, including a possible tax on mobile health apps may stifle innovation in healthcare.
 
Premier 100 IT Leader Zack Hicks answers three questions on networking as a career choice.
 
 
Andrew Auernheimer, aka weev, has been sentenced to 41 months prison for his part in extracting 120,000 email addresses from an AT&T server


 
Segmenting customers and watching their habits on Facebook and other social networks shows the music company how to customize its marketing.
 
It was a tough Monday morning for some Google Drive users who had to deal with a service outage that lasted about two hours.
 
The practice of issuing SSL certificates for internal domain names with unqualified extensions could endanger the privacy and integrity of HTTPS communications for upcoming generic top-level domains, according to a security advisory from ICANN.
 
It's been a tough Monday morning for some Google Drive users who have been dealing with a service outage.
 
[slackware-security] ruby (SSA:2013-075-01)
 
[SECURITY] [DSA 2650-1] libvirt-bin security update
 
[SECURITY] [DSA 2649-1] lighttpd security update
 
Apple developers should pencil in June 10-14 as the dates for the Worldwide Developers Conference, according to the current schedule at the San Francisco venue where Apple has held the confab for the last 10 years.
 
Microsoft's support for Windows Phone 8 and Windows Phone 7.8 will end in the second half of 2014, according to the software maker.
 
[SECURITY] [DSA 2646-1] typo3-src security update
 
A German hacker looked into Polycom's HDX series of videoconferencing systems – and found various ways of taking control of these devices remotely. The result: attackers can get unauthorised eyes and ears in conference rooms


 
Chip maker ST-Ericsson will be wound down as parents STMicroelectronics and Ericsson have decided to take over some parts of the company, including LTE modems and application processors, and close or sell the rest.
 
MySQL and MariaDB Geometry Query Denial Of Service Vulnerability
 
RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
 
At the Black Hat Europe security conference, Trend Micro has presented a research report on a practical test and has demonstrated how and from where industrial systems are being attacked with malware


 
MIT Kerberos 5 CVE-2013-1415 NULL Pointer Dereference Denial of Service Vulnerability
 
Linux Kernel CVE-2013-0914 Local Information Disclosure Vulnerability
 
Facebook quickly fixed a privacy leak in its new timeline after being alerted to the problem, according to a watchdog that follows the social networking site.
 
Apple CEO Tim Cook's approval rating fell in the last 12 months, dropping Steve Jobs' successor to the 18th spot on an annual ranking of American chief executives.
 
Facebook users are constantly being told that their privacy is under siege. Here are seven apps that can help secure your personal data.
 
A recent security audit by Mozilla led to the Etherpad Lite developers fixing a number of "gaping loopholes" in the JavaScript/Node.js-based collaborative editor


 
Top exec Ursula Burns outlines Xerox's widening portfolio of IT, business process and document outsourcing services. Insider (registration required)
 
Pope Francis made his first foray into the world of Twitter, making his first tweet on Sunday.
 
VLC Media Player HTML Subtitle Multiple Buffer Overflow Vulnerabilities
 
The National Institute of Standards and Technology (NIST) has issued draft recommendations for securely configuring and using full virtualization technologies, which, by means of software, duplicate a computer's operating system and its ...
 
On July 15, 2010, two Department of Commerce Agencies, the National Institute of Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA), announced the completion of a major ...
 
A computer security invention patented* a decade ago at the National Institute of Standards and Technology (NIST) is now poised to help safeguard patient privacy in hospitals. The invention, an ...
 
After a public comment period, the National Institute of Standards and Technology (NIST) has published an updated set of guidelines for developing security assessment plans and associated security control assessment procedures that are ...
 
As part of its initiative to ensure that the Internet continues to spawn growth and innovation, the Department of Commerce will hold a symposium on 'Cybersecurity and Innovation in the Information Economy' on July 27, 2010, at the Ronald ...
 
Cybersecurity training is spreading from high-tech and government offices into high schools, libraries and workplaces near you. Called the National Initiative for Cybersecurity Education (NICE) and coordinated by the National Institute of ...
 
Ethel Marden, National Bureau of Standards (now the National Institute of Standards and Technology) computer programmer, operates the Standards Electronic Automatic Computer (SEAC) during the 1950s. Credit: NIST
 
 
The National Institute of Standards and Technology (NIST) has been designated by Federal Chief Information Officer Vivek Kundra to accelerate the federal government's secure adoption of cloud computing by leading efforts to develop ...
 
This simulation depicts flow in a rheometer, as its rotating vanes blade begins to stir a suspension of particles. Colors represent the quadrant where the particles are initially positioned. Such simulations can be used to link ...
 
Researchers at the National Institute of Standards and Technology (NIST) have released an updated version of a computer system testing tool that can cut costs by more efficiently finding flaws. A tutorial on using the tool accompanies ...
 
A new publication from the National Institute of Standards and Technology (NIST) provides technical guidance to government agencies and other organizations interested in mitigating risks with WiMAX (Worldwide Interoperability for ...
 
The National Institute of Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA) are seeking partners in the telecommunications industry to help create a demonstration broadband ...
 
On November 4 and 5, 2010, the National Institute of Standards and Technology (NIST) will host the Cloud Computing Forum and Workshop II to give government and industry stakeholders opportunity to comment on the next steps in developing ...
 
 
The Sixth Annual IT Security Automation Conference, co-hosted by the National Institute of Standards and Technology (NIST), focuses on applying and integrating emerging cyber security automation technologies and software assurance into a ...
 
In efforts to help the nation's health care industry make the transition to the digital age in an effective and meaningful fashion, the National Institute of Standards and Technology (NIST) has published a set of approved procedures for ...
 
Nothing beats the feeling of starting up a new computer, be it a laptop, desktop or a major, custom-designed computing system. A new system is a blank slate with no worry of botnets, viruses or any other cybersecurity ...
 
The Commerce Department has published a Notice of Inquiry (NOI) on 'Cybersecurity, Innovation, and Internet Policy.' The department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on ...
 
A comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy that is being conducted by the Department of Commerce's Internet Policy Task Force is the subject of the ...
 
The National Institute of Standards and Technology (NIST) will host the Cloud Computing Forum and Workshop III on April 7-8, 2011, at its Gaithersburg, Md., campus. Featured speakers include U.S. Chief Information Officer Vivek Kundra, ...
 
The National Institute of Standards and Technology's (NIST) Donna Dodson has received the 2011 Federal 100 Award. Presented by Federal Computer Week, the award honors the top professionals in the federal information technology ...
 
Before you can build that improved turbojet engine, before you can create that longer-lasting battery, you have to ensure all the newfangled materials in it will behave the way you want, even under conditions as harsh as the upper ...
 
Computer scientists at the National Institute of Standards and Technology (NIST) are requesting comments from interested parties on their biennial update of the catalog of security controls for the federal government. The security ...
 
The National Institute of Standards and Technology (NIST) has published the final version of a special publication that can help organizations to more effectively integrate information security risk planning into their mission-critical ...
 
What NIST-led innovation is estimated to have saved U.S. industry $6.1 billion over the past 20 years? Well, probably several, but, perhaps surprisingly, a new economics study* points to the development of 'role-based access control,' a ...
 
If you found this article through a search engine, you can thank an automated text retrieval system. For 20 years, the Text REtrieval Conference (TREC) sponsored by the National Institute of Standards and Technology (NIST) has been one ...
 
Information technology experts, insurers, policy makers and representatives of healthcare organizations will convene on April 5-6, 2011, in Bethesda, Md., to survey current approaches to preserving electronic health records (EHRs) and ...
 
The National Institute of Standards and Technology (NIST) and the Federal Information Systems Security Educators Association (FISSEA) are co-hosting FISSEA's 24th annual conference March 15-17, 2011, at NIST's Gaithersburg, Md. ...
 
The National Institute of Standards and Technology (NIST) has issued two new draft documents on cloud computing for public comment, including the first set of guidelines for managing security and privacy issues in cloud computing. The ...
 
The National Institute of Standards and Technology (NIST) has issued the final version of its recommendations for securely configuring and using full computing virtualization technologies. The security recommendations are contained ...
 
The Information Technology Laboratory of the National Institute of Standards and Technology (NIST) is pleased to announce that Jeremy Grant is joining the NIST team as a senior executive advisor. Mr. Grant has been selected to manage the ...
 
At a January 7, 2011 forum with Silicon Valley business and academic leaders at Stanford University, U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt announced plans to create a National Program ...
 
At a forum with Silicon Valley business and academic leaders at Stanford University, U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt today announced plans to create a National Program Office ...
 
Palo Alto, Calif. - As part of a meeting today with local industry and academic leaders in Silicon Valley, at Stanford University, U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt will ...
 
On Dec. 9, 2010, the National Institute of Standards and Technology (NIST) announced the selection of five finalists in its ongoing competition to select a new cryptographic hash algorithm standard, one of the fundamental security tools ...
 
As the day draws nearer for the world to run out of the unique addresses that allow us to use the Internet, now predicted to happen by the end of 2012, researchers at the National Institute of Standards and Technology (NIST) have ...
 
Two new draft publications from the National Institute of Standards and Technology (NIST) provide the groundwork for a three-tiered risk-management approach that encompasses computer security risk planning from the highest levels of ...
 
Two new publications from the National Institute of Standards and Technology (NIST) are intended to help developers of software and computer systems for doctors' offices, clinics, and hospitals improve the ease of use of electronic health ...
 
The National Institute of Standards and Technology (NIST) has joined in a new public-private partnership to spur cybersecurity innovation in the financial services sector. Through a memorandum of understanding signed on Dec. 6, 2010, ...
 
With increasing dependency on information systems and advances in cloud computing, the smart grid and mobile computing, maintaining the confidentiality and integrity of citizens' personally identifiable information is a growing challenge. ...
 
Researchers at the National Institute of Standards and Technology (NIST) have released for public comment updated specifications for the Security Content Automation Protocol (SCAP), which helps organizations find and manage ...
 
The National Institute of Standards and Technology (NIST) has issued the final version of its Guide to Industrial Control Systems (ICS) Security (SP 800-82),* intended to help pipeline operators, power producers, manufacturers, air ...
 
Most industry executives, military planners, research managers or venture capitalists charged with assessing the potential of an R&D project probably are familiar with the wry twist on Arthur C. Clarke's third law*: 'Any sufficiently ...
 
The Department of Commerce's Internet Policy Task Force is requesting comments on a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but ...
 
A new White House policy document released today* highlights strategic roles that the National Institute of Standards and Technology (NIST) plays in accelerating the modernization of the nation's electric infrastructure, bolstering ...
 
Robotic automation, microrobotics and robotic perception and recognition all advanced a few steps closer to their future applications in manufacturing, health care and other areas during the week of May 9-13, 2011. A photomicrograph ...
 
The National Institute of Standards and Technology (NIST) is hosting a workshop on usability of electronic health records (EHR) on June 7, 2011, at NIST's campus in Gaithersburg, Md. 'A Community-Building Workshop: Measuring, Evaluating ...
 
The cloud computing research team at the National Institute of Standards and Technology (NIST) is requesting public comments on a draft of its most complete guide to cloud computing to date. NIST Cloud Computing Synopsis and ...
 
A new publication from the National Institute of Standards and Technology (NIST) provides guidelines to secure the earliest stages of the computer boot process. Commonly known as the Basic Input/Output System (BIOS), this fundamental ...
 
On April 15, the Obama Administration formally launched its National Strategy for Trusted Identities in Cyberspace (NSTIC), a plan to work with the private sector to develop a private market for secure identity credentials for the ...
 
The governing board of the Smart Grid Interoperability Panel (SGIP) has voted in favor of a new standard and a set of guidelines important for making the long-planned "smart" electricity grid a reality. The two documents address ...
 
Ron Ross, a National Institute of Standards and Technology (NIST) Fellow, has been named to InformationWeek Government's CIO 50, which identifies 2010's top information technology decision-makers in government. Ross is project lead ...
 
It's increasingly difficult to keep up with all the vulnerabilities present in today's highly complex operating systems and applications. Attackers constantly search for and exploit these vulnerabilities to commit identity fraud, ...
 
The National Institute of Standards and Technology (NIST) is co-hosting a conference to explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security ...
 
The National Institute of Standards and Technology (NIST) awarded today a $1 million cooperative agreement to the University of Maryland at College Park (UMD). Researchers at UMD's Institute for Systems Research will help NIST as it ...
 
Washington, D.C. - The U.S. departments of Commerce and Homeland Security (DHS) today discussed with other federal agencies and private-sector leaders in the information technology industry the need to create a voluntary industry code ...
 
Maryland Governor Martin O'Malley addressed several hundred educators, IT experts, and others at the National Institute of Standards and Technology (NIST) yesterday as part of a workshop hosted by the National Initiative for Cybersecurity ...
 
Risk assessment is the topic of the newest special publication from the National Institute of Standards and Technology (NIST). Guide for Conducting Risk Assessments (NIST Special Publication 800-30, Revision 1), an extensive update to ...
 
The National Institute of Standards and Technology (NIST) has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy. Together, ...
 
Bringing order and security to the patchwork quilt of computing environments in a large organization can be a daunting task. Software tools and technical specifications that allow security information to be shared between information ...
 
The Seventh Annual IT Security Automation Conference, co-hosted by the National Institute of Standards and Technology (NIST), will focus on the breadth and depth of principles and technologies designed to support computer security ...
 
The National Institute of Standards and Technology (NIST) will host a workshop on cryptography for new technologies from Nov. 7-8, 2011, at the agency's Gaithersburg, Md., campus. As the Internet evolves, it is becoming possible for ...
 
The National Institute of Standards and Technology (NIST) today* issued for public comment a draft strategic plan for the National Initiative for Cybersecurity Education (NICE) program. The plan, 'Building a Digital Nation,' outlines ...
 
A new draft computer security publication from the National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up. The first ...
 
A newly revised publication from the National Institute of Standards and Technology (NIST) expands the options for government agencies that need to verify the identity of users of their Web-based services. Electronic Authentication ...
 
The National Institute of Standards and Technology (NIST) published a revised biometric standard in November, 2011, that vastly expands the type and amount of information that forensic scientists can share across their international ...
 
Computer scientists at the National Institute of Standards and Technology (NIST) have dramatically enlarged a database designed to improve applications that help programmers find weaknesses in software. This database, the SAMATE ...
 
A new tool, developed by the National Institute of Standards and Technology (NIST) and offered for free, can help public and private organizations, large and small, to understand and implement the requirements of the Health Insurance ...
 
Charles H. Romine, new director of the NIST Information Technology Laboratory (photo credit: NIST). Charles (Chuck) H. Romine became director of the Information Technol
 
The National Initiative on Cybersecurity Education (NICE) has published for public comment a draft document that classifies the typical duties and skill requirements of cybersecurity workers. The document is meant to define professional ...
 
The National Institute of Standards and Technology (NIST) has released for public comment a draft 'roadmap' that is designed to foster federal agencies' adoption of cloud computing, support the private sector, improve the information ...
 
The National Institute of Standards and Technology (NIST) has agreed to work with the Department of Education and a new organization, the National Cybersecurity Education Council (NCEC), to develop a strategic public-private partnership ...
 
The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has released for public comment a draft 'roadmap' that is designed to foster federal agencies' adoption of cloud computing, support the private sector, ...
 
If quantum computers are ever to be realized, they likely will be made of different types of parts that will need to share information with one another, just like the memory and logic circuits in today's computers do. However, prospects ...
 
The National Institute of Standards and Technology (NIST) has issued for public review and comment two draft guides to securing wireless communication networks. NIST is requesting comments on the two publications -- one on Bluetooth ...
 
After years in the works and 15 drafts, the National Institute of Standards and Technology's (NIST) working definition of cloud computing, the 16th and final definition has been published as The NIST Definition of Cloud Computing (NIST ...
 
Government Computer News magazine has honored the Digital Library of Mathematical Functions (DLMF), which the National Institute of Standards and Technology (NIST) released last year, with one of its 10 annual awards for information ...
 
A new computer security publication* from the National Institute of Standards and Technology (NIST) will help organizations understand their security posture against threats and vulnerabilities and determine how effectively their ...
 
The National Institute of Standards and Technology (NIST) will unveil the public draft of its U.S. Government Cloud Computing Technology Roadmap at the Cloud Computing Forum & Workshop IV that it will host Nov. 2-4, in Gaithersburg, ...
 
The National Institute of Standards and Technology (NIST) is co-hosting the fifth annual Safeguarding Health Information: Building Assurance through HIPAA Security conference on June 6 and 7, 2012, at the Ronald Reagan Building and ...
 
The National Institute of Standards and Technology (NIST) has announced proposed changes to a standard that specifies how to implement digital signatures, which can be used to ensure the integrity of electronic documents, such as wills ...
 
Securing computers against unlawful and malicious attacks is always important, but it's especially vital when the computers in question control major physical systems -- manufacturing plants, transportation systems, power grids. ...
 
Washington, D.C. -- Responding to President Obama's call for an 'all-of-the-above' strategy to help consumers reduce their energy costs, the Administration announced on March 22 that nine major utilities and electricity suppliers will ...
 
An important aspect of any product is how easily someone can use it for its intended purpose, also known as usability. Electronic health records (EHR) that are usable have the potential to improve patient care, which is why the National ...
 
On March 9, the National Institute of Standards and Technology (NIST) announced that it is soliciting proposals to establish a steering group in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC) and to provide ...
 
 
The National Institute of Standards and Technology (NIST) has released in final form a guide to enhanced security for wireless local area networks (WLAN). A WLAN is a group of wireless networking devices within a limited geographic area, ...
 
 
An updated roadmap for the Smart Grid is now available from the National Institute of Standards and Technology (NIST), which recently finished reviewing and incorporating public comments into the NIST Framework and Roadmap for Smart Grid ...
 
A major revision of a Federal Information Security Management Act (FISMA) publication released today by the National Institute of Standards and Technology (NIST) adds guidance for combating new information security threats and ...
 
The National Institute of Standards and Technology (NIST) has published for public comment a draft update to a guide for organizations managing their responses to computer security incidents such as hacking attacks. The authors cast a ...
 
State of Maryland and Montgomery County Join Partnership
The National Institute of Standards and Technology (NIST) today announced a new partnership to establish the National Cybersecurity Center of Excellence, a public-private ...
 
The National Institute of Standards and Technology (NIST) released its recommendations for a new, privately led steering group to tackle the complex policy and technical issues necessary to create an online environment where individuals ...
 
The National Institute of Standards and Technology (NIST) will host the 25th annual conference of the Federal Information Systems Security Educator's Association (FISSEA) March 27-29, 2012, at its Gaithersburg, Md., ...
 
Video recordings of the Nov. 2-4, 2011 Cloud Computing Forum & Workshop IV hosted by the National Institute of Standards and Technology (NIST) are now available for on-line viewing. The three-day November meeting featured, among ...
 
Proposers' Conference Set for Feb. 15
WASHINGTON - The National Institute of Standards and Technology (NIST) today announced a competition to award a total of approximately $10 million for pilot projects to accelerate progress toward ...
 
Three new draft reports published by the National Institute of Standards and Technology (NIST) are designed to help both public and private organizations improve the security of their information management systems by developing ...
 
The National Institute of Standards and Technology (NIST) has finalized its first set of guidelines for managing security and privacy issues in cloud computing.* Guidelines on Security and Privacy in Public Cloud Computing (NIST Special ...
 
The International Biometric Performance Conference 2012, to be held March 5-9 at the National Institute of Standards and Technology (NIST), will bring together evaluators, users and technology providers to discuss recent advances in the ...
 
The National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office will host the 2012 NIST/NSTIC IDtrust Workshop "Technologies and Standards Enabling the Identity Ecosystem" on March 13 and 14, 2012, in ...
 
The National Institute of Standards and Technology (NIST) needs American innovators and entrepreneurs to help solve technological problems and develop NIST technologies into marketable products. The NIST Small Business Innovation ...
 
The National Institute of Standards and Technology (NIST) is conducting the 21st annual Text Retrieval Conference (TREC), the premier experimental effort in the field, to encourage research in information retrieval and related ...
 
The National Institute of Standards and Technology (NIST) will co-sponsor the 2012 Biometric Consortium Conference (BCC 2012), September 18-21, 2012, at the Tampa Convention Center in Tampa, Fla. The annual conference, produced in ...
 
Tests performed at the National Institute of Standards and Technology (NIST) show that a new method for splitting photon beams could overcome a fundamental physical hurdle in transmitting electronic data. These results* could lead to ...
 
The National Institute of Standards and Technology (NIST) has published the final version of its guide for managing computer security incidents. Based on best practices from government, academic and business organizations, this updated ...
 
The Identity Ecosystem Steering Group Kickoff Meeting to support the National Strategy for Trusted Identities in Cyberspace (NSTIC) will be held Aug. 15 and 16, 2012, in Chicago, Ill. In April 2011, President Obama signed the strategy, ...
 
Detecting and stopping malicious attacks on computer networks is a central focus of computer security these days. The National Institute of Standards and Technology (NIST) is asking for comments on two updated guides on malicious ...
 
A new guide from the National Institute of Standards and Technology (NIST) describes a 'scoring system' that computer security managers can use to assess the severity of security risks arising from software features that, while ...
 
Next-generation 'smart' electrical meters for residential and commercial buildings will have computerized operating systems just as laptops or mobile devices do. On July 10, 2012, the National Institute of Standards and Technology (NIST) ...
 
The National Institute of Standards and Technology (NIST) has released the second-round draft version of its updated security standard for identity credentials in the Personal Identity Verification cards (PIV cards) that all federal ...
 
The National Institute of Standards and Technology (NIST) has released a guide to help improve the design of electronic health records for pediatric patients so that the design focus is on the users -- the doctors, nurses and other ...
 
The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices -- such as smart phones and tablets -- that are used by the federal government. NIST is asking for ...
 
A powerful color-based imaging technique is making the jump from remote sensing to the operating room -- and a team of scientists* at the National Institute of Standards and Technology (NIST) have taken steps to ensure it performs as ...
 
The National Institute of Standards and Technology (NIST) has issued the final version of the Guide to Bluetooth Security (NIST Special Publication 800-121 Rev. 1). The publication is a revision of the original guide, which was released ...
 
The National Institute of Standards and Technology (NIST) is hosting a workshop on the use of 'big data' -- a term referring to massive amounts of stored and streaming digital information -- at its Gaithersburg, Md., campus's Green ...
 
For a clear view of cloud computing, the National Institute of Standards and Technology (NIST) has issued a new publication that explains cloud systems in plain language. The final version of Cloud Computing Synopsis and Recommendations ...
 
The National Cybersecurity Center of Excellence (NCCoE) will host a kickoff workshop on Tuesday, June 26, 2012. The workshop's goal is to introduce the center, which will bring together experts from industry, government and academia ...
 
Botnet activity is on the rise around the globe, and to help understand this problem the National Institute of Standards and Technology (NIST) is hosting a free, day-long workshop May 30, 2012, at its Gaithersburg, Md., campus. Technical ...
 
On Tuesday, May 22, 2012, the National Institute of Standards and Technology (NIST) and the Office of the National Coordinator for Health IT (ONC) will host "Creating Usable Electronic Health Records: A User-Centered Design Best ...
 
The National Institute of Standards and Technology (NIST) has extended until May 25, 2012, the comment period for the second draft of a publication intended to help federal departments and agencies better manage supply chain risks for ...
 
Researchers at the National Institute of Standards and Technology (NIST) have developed and published a new protocol for communicating with biometric sensors over wired and wireless networks -- using some of the same technologies that ...
 
The National Institute of Standards and Technology (NIST) is hosting Cloud Computing Forum & Workshop V on June 5-7, 2012, at the Department of Commerce's Herbert C. Hoover Building in Washington, D.C. Cloud computing is a model ...
 
 
Identifying people by acquiring pictures of their eyes is becoming easier, according to a new report* from the National Institute of Standards and Technology (NIST). NIST researchers evaluated the performance of iris recognition software ...
 
The National Institute of Standards and Technology (NIST) has published draft guidelines that outline the baseline security technologies mobile devices should include to protect the information they handle. Smart phones, tablets and ...
 
A new software test suite developed at the National Institute of Standards and Technology (NIST) allows local and federal agencies and other users of NIST's revised biometric standard to gain higher confidence that the correct ...
 
The National Institute of Standards and Technology (NIST) has published for public comment a revised draft of its guidance for managing computer patches to improve overall system security for large organizations. The previous version, ...
 
The National Institute of Standards and Technology (NIST) today announced the winner of its five-year competition to select a new cryptographic hash algorithm, one of the fundamental tools of modern information security. ...
 
The National Institute of Standards and Technology (NIST) is offering a strong finale to National Cybersecurity Awareness month with its third annual National Initiative for Cybersecurity Education (NICE) Workshop, Oct. 30 through ...
 
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today announced more than $9 million in grant awards to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). Five U.S. ...
 
Online registration is now open for Forensics@NIST 2012, a three-day symposium on cutting-edge forensic science research being performed at NIST. The symposium will run from Wednesday, November 28 - Friday, November 30, 2012, at ...
 
The National Institute of Standards and Technology (NIST) has released a final version of its risk assessment guidelines that can provide senior leaders and executives with the information they need to understand and make decisions about ...
 
The National Institute of Standards and Technology (NIST) will host a workshop at its Gaithersburg, Md., headquarters October 15 and 16, 2012, to discuss ways NIST can focus its work to help federal departments and agencies manage the ...
 
The National Institute of Standards and Technology (NIST) is requesting comments on new draft guidelines for securing BIOS systems for server computers. BIOS -- Basic Input/Output System -- is the first major software that runs when a ...
 

Posted by InfoSec News on Mar 17

http://www.dailyherald.com/article/20130315/business/703159783/

By Anna Marie Kukec
Daily Herald
3/15/2013

When a young employee of iRobot left the company known for the Roomba
self-traveling vacuum, a competing product soon hit the market. After a period
of surveillance, the company filed a lawsuit against the former employee for
taking trade secrets.

Also making robots for the military, the company requires high security and
hired Daniel...
 

Posted by InfoSec News on Mar 17

http://arstechnica.com/tech-policy/2013/03/feds-charge-two-men-in-plot-to-sell-hacked-subway-gift-cards-worth-40000/

By Cyrus Farivar
Ars Technica
Mar 15 2013

Two California men were charged in a case involving hacking point-of-sale (POS)
computers at various Subway restaurants in a newly unsealed indictment on
Friday in Boston.

The two suspects are Shahin Abdollahi, aka “Sean Holdt,” and Jeffrey Thomas
Wilkinson, both of San Bernardino...
 

Posted by InfoSec News on Mar 17

http://www.telegraphindia.com/1130316/jsp/jharkhand/story_16677875.jsp#.UUXj97I-vQY

By Vijay Deo Jha
The Telegraph
March 16, 2013

A 35-year-old man, claimed to be among the country’s few ethical hackers and
one who helped police of several states, including Jharkhand and Bihar, crack
cyber crime, actually seems to have taken governments, media and police for a
ride.

Deepak Kumar, a native of Bihar’s Arwal district, has used his public...
 

Posted by InfoSec News on Mar 17

http://www.wbir.com/news/article/259768/2/Y-12-security-breach-detailed-by-former-contractor-in-report

WBIR.com
Mar 15, 2013

Nearly eight months after an unprecedented break-in at the Y-12 National
Security Complex in Oak Ridge, 10News has received a copy of the response its
former contractor filed with the National Nuclear Security Administration
(NNSA) explaining what happened at what's supposed to be among the most secure
buildings...
 

Posted by InfoSec News on Mar 17

http://www.wired.com/threatlevel/2013/03/hackers-game-casino/

BY KIM ZETTER
Threat Level
Wired.com
03.15.13

A high-roller and hacker accomplices made off with about $33 million after they
gamed a casino in Australia by hacking its surveillance cameras and gaining an
advantage in several rounds of high-stakes card games.

The Ocean’s Eleven-style heist played out over eight hands of cards before the
gambler was caught, though not before the...
 